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REMARKS 

This amendment is responsive to the Office Action dated July 22, 2008. Applicant has 
amended claims I, 9, 19, and 22. Claims 1-4, 6-15, 19-24, 26-35, and 56 are pending. 

Claim Rejection Under 35 U.S.C. 6 103 

In the Office Action, the Examiner rejected claims 1-3, 6-11, 15, 22-24, 26-3 1 , 35, and 
56 under 35 U.S.C. § 103(a) as being unpatentable over Valois (US 2004/0260818, hereinafter 
"Valois") in view of Delany (US 2002/0156879, hereinafter "Delany"). The Examiner also 
rejected claim 4 under 35 U.S.C. § 103(a) as being unpatentable over Valois as in view of Mitra 
(US 6,973,460, hereinafter "Mitra"). The Examiner further rejected claims 12-14, 19-21 and 
32-34 under 35 U.S.C. § 103(a) as being unpatentable over Valois in view of Delany and further 
in view of Nelson (US 6,243,713, hereinafter "Nelson"). Applicant respectfully traverses the 
rejection to the extent such rejections may be considered applicable to the claims as amended. 
The applied references fail to disclose or suggest the inventions defined by Applicant's claims, 
and provide no teaching that would have suggested the desirability of modification to arrive at 
the claimed invention. 

Applicant has amended claims 1, 19, and 22 for the purpose of clarification. The 
amendments to claim 1 , for example, clarify that the regular expression is a fine-grain access 
control attribute defining access control rights for members of the class to a portion of the 
resource provided by the device. That is, m the context of claim 1, a device stores, for a class of 
clients, an access control attribute and an associated regular expression. The access control 
attribute defines access control rights to all of the configuration data for a particular resource for 
the particular class of users. The associated regular expression defines access control rights to 
only a portion of the configuration data for that resource for the particular class of users. In this 
sense, the access control attribute is "coarse-grain" and the regular expression is "fine-grain." 
Similar amendments have been made to claims 19 and 22. 

Applicant respectfully disagrees that one of ordinary skill in the art would have found any 
reason to combine the disclosures of Valois and Delany. However, even if one of ordinary skill 
in the art were to combine the references as suggested by the Office Action, one would not have 
arrived at the requirements of, e.g., Applicant's claim 1 as amended. Although Valois may 
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disclose access control lists (ACLs) and Delany may disclose a class of clients, as asserted by the 
Examiner, the combination of Valois and Delany still fails to disclose the requirements of 
Applicant's claim 1 as amended. 

Applicant's claim 1 as amended requires an access control attribute, and an associated 
regular expression specifying a textual pattern. Claim 1 as amended further requires that the 
access control attribute is a coarse-grain access control attribute that specifies access control 
rights for members of the class to configuration data for a resource provided by the device, and 
that the regular expression specifies fine-grain access control rights for the members of the class 
to only a portion of configuration data for the resource. The Office Action cited Valois as 
disclosing these requirements in that Valois at % [0057] teaches the use of regular expressions. 
To the extent that Valois discloses regular expressions, the disclosure of Valois is limited to 
teaching the use of GREP (global regular expression print) to search files. Valois, \ [0057J. 

Valois lacks any teaching whatsoever that regular expressions are in any way associated 
with the access control lists (ACLs) or any other access control mechanism whatsoever. Instead, 
Valois teaches that GREP is used as part of a test script to determine whether a hostname is the 
same as a file name; Valois, 1 [0056]; FIG. 2, elts. 22, 24. Valois in no way teaches that a 
regular expression is associated with an access control attribute that specifies fine-grain access 
control rights for the members of the class to only a portion of the configuration data for the 
resource provided by the device as required by Applicant's claim 1. That is, even if the ACLs of 
Valois could properly be analogized to the access control attributes required by Applicant's 
amended claim 1 , Valois still fails to disclose the elements required by claim 1 because Valois 
fails to disclose that the regular expression is associated with or in any way used as an access 
control attribute, let alone as specifying fine-grain access control rights for the members of the 
dima to only a nortion of the c onfiguration data for the resource provided by the device, as 
req uired bv claim 1 . Valois fails to disclose that GREP in any way defines fine-grain access 
control rights for members of the class to a portion of the resource provided by the device. To 
quite the contrary, Valois only teaches that GREP is used to search files. Valois, H [0057]. 
Therefore, Valois fails to disclose these requirements of Applicant's claim 1. 

Delany fails to overcome these shortcomings of Valois. Delany at 1i [01 18] , for example, 
describes the use of policies to control access to groups of web servers. In order to define and 
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implement the policy, Delany teaches that policies specifies hostnames and URL prefixes which 
are then compared to incoming URLs to detect matches. This form of policy definition as taught 
by Delany does not teach or suggest use of a regular expression as an access control attribute that 
specifies fine-grain access control rights for the members of the class to only a portion of the 
configuration data for the resource provided by the device. Thus, the only teaching with respect 
to use of regular expressions is provided by Valois, and such teachings describe the use only for 
searching for files. Thus, even if Valois were modified in view of Delany, the resultant system 
would use ACLs and regular expressions in the manner taught by Valois. Valois in view of 
Delany does not teach or suggest authorization data that defines for each class of clients: (i) an 
access control attribute that specifies coar s e-grain access control riehts for members of the class 
to configuration data for a re source provide d hv the device, and (ii) an associated regular 
expression specifying a textual pattern toa| specifies fine-grain access control rights for the 
members of the class to only a portion of the c onfiguration data for the resource provided by the 
device, as required bv claim L 

Applicant's claim 1 as amended also requires evaluating a command (received from a 
client, wherein the command requests access to configuration data for the resource of the device) 
using the retrieved regular expression to determine whether the command matches the textual 
pattern specified by the retrieved regular expression. Valois lacks any teaching whatsoever of 
evaluating a command from a cli ent, wherein the command requests access to the portion of the 
configuration data for the resource of the device. Delany fails to disclose evaluating the 
command using the retrieved regular expression at all, let alone to determine whether the 
command matches the textual pattern specified by the retrieved regular expression as required by 
Applicant's claim 1 . This is necessarily so, since Delany lacks any teaching of a regular 
expression at all, as discussed above. The Office Action cited Delany at U [0118], 11. 19-26. 
Although this section discusses a "pattern," it says nothing of a regular expression specifying a 
textual pattern, nor does it say anything about evaluating a command that requests access to 
configuration data of a device, as required by Applicant's claim 1 as amended. Instead, the . 
section is referring to the formal of an incoming URL and whether the incoming URL matches 
the URL prefixes and hostnames defined by the policy. This would suggest that regular 
expressions are not used for pattern matching, but instead the policies define strings of 
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hostname* and URL prefixes. Further, Delany at If [0118] describes application of policies by a 
web gate so as to control network access to particular groups of web servers. Accordingly, 
Valois in view of Delany fails to teach, suggest, or disclose this requirement of Applicant's claim 
1 as amended. 

Further, as discussed above, the policies and URL patterns referred to at 1 [0118] related 
to controlling network access to groups of servers. With respect to actually controlling access to 
configuration data for resources of a network device, the Examiner refers to Delany at 1 [01 18] 
where Delany describes a Configure Tab 416. However, here, Delany describes use ofe iivileges 
to control whether a user can change the configuration data. In this regard, Delany describes use 
of pri viledges and Valois describes use of access control lists (ACLs), both of which at best 
describe a coarse-grain access control. The combination of references fail to provide any 
teaching whatsoever for use of a textual pattern to define and additional fine-grain access control 
rights for the members of the class to only a portion of the configuration data for the resource 
provided by the device. 

In sum, even if Valois were modified in view of Delany, the resultant system would use 
ACLs and privileges to control user access and would possibly use the Delany policies to control 
access to network servers. Applicant is at a loss as to how the Examiner can maintain that the 
resultant system would utilize authorization data that defines for each class of clients: (i) an 
access control attribute that specifies coarse-grain access control rights for members of the class 
to configuration data for a resource provided by the device, and (ii) an associated regular 
expression specifying a textual pattern that specifies fine-grain access control rights for the 
members of the class to only a portion of the configuration data for the resource provided by the 

device, as required by claim 1. 

Mitra and Nelson fail to overcome the limitations of Valois and Delany. Mitra was cited 
only for the purpose of disclosing a class syntax. Nelson was cited for the purpose of disclosing 
preprocessing a regular expression. Mitra and Nelson each lack any teaching of a regular 
expression that defines fine-grain access control rights for members of the class to a portioo of 
the resource provided by the device as required by Applicant's claim I as amended. Therefore, 
although Applicant does not acquiesce as to the Office Action's interpretations of Mitra and 
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Nelson, even if this inteipretation were correct, the applied references as a whole still fail to 
teach, suggest, or disclose the requirements of Applicant's claim 1 as amended. 

Applicant's other independent claims, i.e. claims 19 and 22, include certain similar 
requirements to those of claim 1. Therefore similar arguments apply to claims 19 and 22 as 
respectively amended. Therefore, Valois in view of Delany, and in further view of Mitra and 
Nelson, fail to teach, suggest, or disclose the requirements of Applicant's independent claims 1, 
19, and 22 as respectively amended. The dependent claims incorporate the requirements of the 
respective base claims, therefore claims 2-4, 6-15, 20-21, 23-24, 26-35, and 56 are likewise 
patentable. Moreover, the dependent claims include a number of requirements likewise not 
taught ot suggested by the applied references. 

For example, claim 2 requires wherein controlling access comprises allowing access to 
the configuration data when the access control attribute denies access to the resource and the 
textual pattern of the regular expression matches the command. That is, claim 2 requires 
allowing access to the configuration data hv the client of claim 1 . The Office Action cited 
Valois, 1 [0067] in the rejection of claim 2. The cited portion of claim 2 says nothing of 
allowing a client to access configuration data. Instead, Valois teaches that a "pass" is given for a 
test script if all ACL definitions are consistent with ACL references. In particular, Valois fails to 
disclose that access is allowed when the access control attribute denies access and the textual 
pattern of the regular expression matches the command, as required by claim 2- In this way the 
fine-grain textual pattern can be viewed as overriding the denial of access specified by the 
coarse-grain attribute. The Valois disclosure cited by the Examiner with respect to claim 2 
has no relevance whatsovoer to these claim elements. Applicant respectfully request the 
Examiner review the elements of claim 2 and further explain the rejection. Further, Delany fails 
to overcome this limitation of Valois. Therefore, Valois in view of Delany fails to disclose the 
requirements of claim 2. Similar arguments apply with respect to claims 3, 23, and 24 (where 
claims 3 and 24 require denying access when the textual pattern of the regular expression 
matches the command even though the coarse-grain access control right granJa access). 

Applicant's claim 10 requires wherein the objects (of claim 9) have respective textual 
labels and the regular expression defines the textual pattern to match the textual labels of a set of 
one or more of the objects within the configuration hierarchy. The Office Action asserted that 
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Valois teaches regular expressions that define a textual pattern to match textual labels. However, 
Valois only teaches GREP. Moreover, Valois teaches that GREP is used to search files, not to 
specify a textual pattern that matches textual labels. One of ordinary skill in the art would not 
have applied GREP, as taught by Valois, to match labels of a set of one or more objects within a 
configuration hierarchy. Therefore Valois in view of Delany fails to teach, suggest, or disclose 
these requirements of Applicant's claim 10. Similar arguments apply with respect to claim 30. 

Claim 1 1 requires wherein evaluating the command comprises applying the regular 
expression to the command to determine whether the command specifies any of the objects 
within the set. Yet again, Valois in no way teaches a regular expression that one of ordinary skill 
in the art could apply to a command received from a client. Therefore Valois in view of Delany 
fails to disclose the requirements of claim 1 1 . Similar arguments apply with respect to claim 3 1 . 

For at least these reasons, the Office Action has failed to establish a prima facie case for 
non-patentability of Applicant's claims 1-4, 6-15, 19-24, 26-35, and 56 under 35 U.S.C. 
§ 103(a). Applicant therefore respectfully requests withdrawal of this rejection. 



All claims in this application are in condition for allowance. Applicant respectfully 
requests reconsideration and prompt allowance of all pending claims. Please charge any 
additional fees or credit any overpayment to deposit account number 50-1778. The Examiner is 
invited to telephone the below-signed attorney to discuss this application. 



CONCLUSION 
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